Interface RestAuthenticationService

  • All Known Implementing Classes:
    JWTTokenRestAuthenticationServiceImpl

    @Service
    public interface RestAuthenticationService
    Interface for a service that can provide authentication for the REST API
    Author:
    Frederic Van Reet (frederic dot vanreet at atmire dot com), Tom Desair (tom dot desair at atmire dot com)
    • Method Summary

      Modifier and Type Method Description
      void addAuthenticationDataForUser​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, DSpaceAuthentication authentication, boolean addCookie)
      This method should be called after a successful authentication occurs.
      org.dspace.eperson.EPerson getAuthenticatedEPerson​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.dspace.core.Context context)
      Checks the current request for a valid authentication token.
      org.dspace.authenticate.service.AuthenticationService getAuthenticationService()
      Get access to the current AuthenticationService
      AuthenticationToken getShortLivedAuthenticationToken​(org.dspace.core.Context context, javax.servlet.http.HttpServletRequest request)
      Retrieve a short-lived authentication token. This can be used (among other things) for file downloads.
      String getWwwAuthenticateHeaderValue​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      Return the value that should be passed in the WWW-Authenticate header for 4xx responses to the client
      boolean hasAuthenticationData​(javax.servlet.http.HttpServletRequest request)
      Checks the current request for a valid authentication token.
      void invalidateAuthenticationCookie​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse res)
      Invalidate just the authentication Cookie (optionally created by addAuthenticationDataForUser()), while keeping the authentication token valid.
      void invalidateAuthenticationData​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.dspace.core.Context context)
      Invalidate the current authentication token/data in the request.
    • Method Detail

      • addAuthenticationDataForUser

        void addAuthenticationDataForUser​(javax.servlet.http.HttpServletRequest request,
                                          javax.servlet.http.HttpServletResponse response,
                                          DSpaceAuthentication authentication,
                                          boolean addCookie)
                                   throws IOException
        This method should be called after a successful authentication occurs. It gathers the authentication data for the currently logged in user, adds it into the auth token & saves that token to the response (optionally in a cookie).
        Parameters:
        request - current request
        response - current response
        authentication - Authentication data generated by the authentication plugin
        addCookie - boolean, whether to save the generated auth token to a Cookie or not. Default is false. However, some authentication methods may require this information be saved to a cookie (even temporarily) in order to complete the login process (e.g. Shibboleth requires this)
        Throws:
        IOException
      • getShortLivedAuthenticationToken

        AuthenticationToken getShortLivedAuthenticationToken​(org.dspace.core.Context context,
                                                             javax.servlet.http.HttpServletRequest request)
        Retrieve a short-lived authentication token. This can be used (among other things) for file downloads.
        Parameters:
        context - the DSpace context
        request - The current client request
        Returns:
        An AuthenticationToken that contains a string with the token
      • getAuthenticatedEPerson

        org.dspace.eperson.EPerson getAuthenticatedEPerson​(javax.servlet.http.HttpServletRequest request,
                                                           javax.servlet.http.HttpServletResponse response,
                                                           org.dspace.core.Context context)
        Checks the current request for a valid authentication token. If found, extracts that token and obtains the currently logged in EPerson.
        Parameters:
        request - current request
        response - current response
        context - current DSpace Context
        Returns:
        EPerson of the logged in user (if auth token found), or null if no auth token is found
      • hasAuthenticationData

        boolean hasAuthenticationData​(javax.servlet.http.HttpServletRequest request)
        Checks the current request for a valid authentication token. If found, returns true. If not found, returns false
        Parameters:
        request - current request
        Returns:
        true if this request includes a valid authentication token. False otherwise.
      • invalidateAuthenticationData

        void invalidateAuthenticationData​(javax.servlet.http.HttpServletRequest request,
                                          javax.servlet.http.HttpServletResponse response,
                                          org.dspace.core.Context context)
                                   throws Exception
        Invalidate the current authentication token/data in the request. This is used during logout to ensure any existing authentication data/token is destroyed/invalidated and cannot be reused in later requests.

        In other words, this method invalidates the authentication data created by addAuthenticationDataForUser().

        Parameters:
        request - current request
        response - current response
        context - current DSpace Context.
        Throws:
        Exception
      • getAuthenticationService

        org.dspace.authenticate.service.AuthenticationService getAuthenticationService()
        Get access to the current AuthenticationService
        Returns:
        current AuthenticationService
      • getWwwAuthenticateHeaderValue

        String getWwwAuthenticateHeaderValue​(javax.servlet.http.HttpServletRequest request,
                                             javax.servlet.http.HttpServletResponse response)
        Return the value that should be passed in the WWW-Authenticate header for 4xx responses to the client
        Parameters:
        request - The current client request
        response - The response being built for the client
        Returns:
        A string value that should be set in the WWW-Authenticate header
      • invalidateAuthenticationCookie

        void invalidateAuthenticationCookie​(javax.servlet.http.HttpServletRequest request,
                                            javax.servlet.http.HttpServletResponse res)
        Invalidate just the authentication Cookie (optionally created by addAuthenticationDataForUser()), while keeping the authentication token valid.

        This method may be used by authentication services which require a Cookie (i.e. addCookie=true in addAuthenticationDataForUser()). It's useful for those services to immediately *remove/discard* the Cookie after it has been used. This ensures the auth Cookie is temporary in nature, and is destroyed as soon as it is no longer needed.

        Parameters:
        request - current request
        res - current response (where Cookie should be destroyed)
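
The token lifecycle these methods describe (issue at login, check per request, discard a temporary cookie, destroy on logout), sketched as an added example that is not DSpace's own code. The class and method names are hypothetical, and it assumes the class sits in the same package as RestAuthenticationService and DSpaceAuthentication, whose package this page does not show.

```java
// Added example, not DSpace code. Assumption: this class is declared in the package that
// holds RestAuthenticationService and DSpaceAuthentication (not shown on this page).
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.dspace.core.Context;
import org.dspace.eperson.EPerson;

public class RestAuthLifecycleExample {            // hypothetical name

    private final RestAuthenticationService authService;

    public RestAuthLifecycleExample(RestAuthenticationService authService) {
        this.authService = authService;
    }

    /** Login: issue the token. Request a cookie only when the login flow cannot work without one. */
    public void onLoginSuccess(HttpServletRequest request, HttpServletResponse response,
                               DSpaceAuthentication authentication, boolean flowNeedsCookie)
            throws IOException {
        authService.addAuthenticationDataForUser(request, response, authentication, flowNeedsCookie);
    }

    /** Per request: resolve the user, or answer 401 with the service's WWW-Authenticate value. */
    public EPerson requireUser(HttpServletRequest request, HttpServletResponse response,
                               Context context) throws IOException {
        EPerson eperson = authService.hasAuthenticationData(request)
                ? authService.getAuthenticatedEPerson(request, response, context)
                : null;
        if (eperson == null) {
            response.setHeader("WWW-Authenticate",
                    authService.getWwwAuthenticateHeaderValue(request, response));
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        }
        return eperson;
    }

    /** Once a cookie-based login has completed: drop the cookie, the token itself stays valid. */
    public void discardTemporaryCookie(HttpServletRequest request, HttpServletResponse response) {
        authService.invalidateAuthenticationCookie(request, response);
    }

    /** Logout: destroy the token/data so it cannot be reused in later requests. */
    public void onLogout(HttpServletRequest request, HttpServletResponse response,
                         Context context) throws Exception {
        authService.invalidateAuthenticationData(request, response, context);
    }
}
```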